7.3

CVSS3.1

CVE-2025-56132 -

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2 introdu…

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 15, 2025, 6:38 p.m.

6.5

CVSS3.1

CVE-2025-52049 -

In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the timelog parameter.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 3, 2025, 4:19 p.m.

7.5

CVSS3.1

CVE-2025-56572 -

An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.

📅 Published: Sept. 30, 2025, midnight 🔄 Last Modified: Oct. 8, 2025, 2:26 p.m.

6.5

CVSS3.1

CVE-2025-59956 - AgentAPI exposed user chat history via a DNS rebinding attack

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for the …

📅 Published: Sept. 29, 2025, 11:57 p.m. 🔄 Last Modified: Oct. 8, 2025, 3:05 p.m.

9.1

CVSS3.1

CVE-2024-58040 - Crypt::RandomEncryption for Perl uses insecure rand() function during encryption

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.

📅 Published: Sept. 29, 2025, 11:54 p.m. 🔄 Last Modified: March 9, 2026, 5:17 p.m.

9.3

CVSS4.0

CVE-2025-59954 - Knowage Contains a Remote Code Execution Vulnerability

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Execution through the use of an unsafe org.apache.commons.jxpath.JXPathContext in the MetaService.java service. This issue is fixed in version 8.1.27.

📅 Published: Sept. 29, 2025, 11:48 p.m. 🔄 Last Modified: Oct. 8, 2025, 3:08 p.m.

8.7

CVSS4.0

CVE-2025-59952 - minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substit…

📅 Published: Sept. 29, 2025, 11:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.7

CVSS3.1

CVE-2025-59950 - FreshRSS: Double clickjacking can lead to privilege escalation

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button ins…

📅 Published: Sept. 29, 2025, 11:21 p.m. 🔄 Last Modified: Oct. 3, 2025, 3:52 p.m.

6.9

CVSS4.0

CVE-2025-61586 - FreshRSS is vulnerable to directory enumeration by setting path in its theme field

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting a path in the theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0.

📅 Published: Sept. 29, 2025, 11:14 p.m. 🔄 Last Modified: Oct. 3, 2025, 3:39 p.m.

6.7

CVSS3.1

CVE-2025-59948 - FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to be…

📅 Published: Sept. 29, 2025, 10:56 p.m. 🔄 Last Modified: Oct. 3, 2025, 3:55 p.m.